Remove Kind-specific manifest and scripts #3413
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov Report
@@ Coverage Diff @@
## main #3413 +/- ##
==========================================
- Coverage 63.53% 55.00% -8.54%
==========================================
Files 268 374 +106
Lines 26900 41447 +14547
==========================================
+ Hits 17091 22798 +5707
- Misses 7944 16253 +8309
- Partials 1865 2396 +531
Flags with carried forward coverage won't be shown. Click here to find out more.
|
antoninbas
force-pushed
the
remove-kind-specific-manifest
branch
4 times, most recently
from
7aecad7
to
d97175c
Compare
|
This PR depends on #3421 to avoid some Egress e2e test failures. |
antoninbas
force-pushed
the
remove-kind-specific-manifest
branch
from
d97175c
to
ee83b82
Compare
|
@antoninbas I think it is safe to remove the wireguard related manifests by removing the provider check in |
tnqn
added
the
action/release-note
tnqn
reviewed
Mar 9, 2022
xliuxu
reviewed
Mar 9, 2022
| } | ||
| } | ||
| assert.Contains(t, endpoints, fmt.Sprintf("%s:%d", nodeIP, apis.WireGuardListenPort)) | ||
| } | ||
| } |
There was a problem hiding this comment.
The tests can pass with the above changes. I can work on a follow-up PR to ensure the traffic went through the tunnel without using the wg command line.
antoninbas
force-pushed
the
remove-kind-specific-manifest
branch
from
ee83b82
to
c2a0dd6
Compare
jianjuns
reviewed
Mar 9, 2022
antoninbas
force-pushed
the
remove-kind-specific-manifest
branch
from
87aab4e
to
f82fef5
Compare
|
@tnqn thanks for the reviews. I just finished fixing all the tests, and I squashed my commits. |
|
@antoninbas I found two permanent failures:
The first one was caused by an implementation bug and it's great to see this PR increases the test coverage and exposes the bug. I have created #3430 to fix it. |
|
@tnqn Thanks, I'll rebase when your PR is merged. For IPsec I have decided to disable the test cases in Kind for now. There are a couple of reasons for that:
We may want to consider adding a new Kind CI job later on which will run just the IPsec tests. It will take care of both issues above. |
It seems that we no longer need to use the netdev datapath. In particular, the Linux VM used for Docker Desktop on macOS now includes the openvswitch and wireguard Kernel modules. As a consequence: * we remove the Kind-specific YAML manifest and the install_cni_kind script * we remove the kind-fix-networking.sh script * we give a warning to the user if they try to use the netdev datapath, since it is not fully supported and there are no good use cases anymore * we enable all tests (except for the IPsec tests) which were previously skipped on Kind (requires increasing the test timeout by 10 mins) * we no longer need support for wireguard-go (userspace implementation of WireGuard) * we remove the coreDNS hack in e2e framework introduced for netdev datapath Signed-off-by: Antonin Bas <abas@vmware.com>
antoninbas
force-pushed
the
remove-kind-specific-manifest
branch
from
f82fef5
to
4a4e079
Compare
|
/test-all |
|
/test-e2e |
|
/test-e2e |
antoninbas
force-pushed
the
remove-kind-specific-manifest
branch
from
74be804
to
54a7cb0
Compare
|
/test-e2e |
|
Signed-off-by: Antonin Bas <abas@vmware.com>
antoninbas
force-pushed
the
remove-kind-specific-manifest
branch
from
54a7cb0
to
9c56bc2
Compare
|
/test-all |
tnqn
previously approved these changes
Mar 11, 2022
To avoid the following errors in the Agent logs: ``` E0311 22:19:33.901740 8 exporter.go:211] "Error when initializing flow exporter" err="cannot retrieve CA cert: error getting ConfigMap flow-aggregator-ca: configmaps \"flow-aggregator-ca\" is forbidden: User \"system:serviceaccount:kube-system:antrea-agent\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"flow-aggregator\"" ``` Signed-off-by: Antonin Bas <abas@vmware.com>
|
/test-e2e |
tnqn
approved these changes
Mar 15, 2022
|
/skip-networkpolicy |
Merged
This was referenced Apr 6, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Use OVS Kernel datapath for Kind clusters
It seems that we no longer need to use the netdev datapath. In
particular, the Linux VM used for Docker Desktop on macOS now includes
the openvswitch and wireguard Kernel modules.
As a consequence:
since it is not fully supported and there are no good use cases anymore
skipped on Kind (requires increasing the test timeout by 10 mins)
of WireGuard)
datapath